Thread: ENCAPI32.dll aka VIRTUMONDE.SDN

  1. #1
    Junior Member Mega Tornaconto's Avatar
    Join Date
    Feb 2007
    Location
    Turin ITALY
    Posts
    20

    Default ENCAPI32.dll aka VIRTUMONDE.SDN

    Hello everybody,
    the last scan of the updated S&D found Virtumonde.sdn on c:\windows\system32\encapi32.dll, which was an old file belonging to Microsoft Encarta.
    The result of the scan is attached.
    Well, I think it could be a false positive.
    Please have a look.

    Live long and prosper

  2. #2
    Senior Member Yodama's Avatar
    Join Date
    Oct 2005
    Location
    Buchenheim
    Posts
    1,110

    Default

    Thank you for reporting this false positive.
    It will be fixed with the next detection update scheduled for Wednesday 2010-04-14.
    Until then you can exclude further detection of ENCAPI32.dll if you right click it in the scan result and select to "exclude this detection from further searches".
    born in the shadow to die in the shadow, that is the fate of the shinobi

  3. #3
    Junior Member Mega Tornaconto's Avatar
    Join Date
    Feb 2007
    Location
    Turin ITALY
    Posts
    20

    Default thanks for confirming

    Hi Yodama,
    thanks for your official confirmation, as I wasn't 100% sure (I haven't used this old version of MS Encarta for a long time).
    Happy, however, to contribute to the correct development of Spybot.
    Have a nice weekend

    Live long and prosper

  4. #4
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Default

    As far as I know, Virtumonde uses the file "encapi32.dll" as well, but filesize and MD5 are different.
    Best regards - Beste Grüße,

    Matt

  5. #5
    Junior Member Mega Tornaconto's Avatar
    Join Date
    Feb 2007
    Location
    Turin ITALY
    Posts
    20

    Default filesize and MD5 are different

    Hi, Matt
    I knew about the use of ENCAPI32 by Virtumonde, so I attached the MD5 and filesize information in a text file. In the meantime I'm waiting for Wednesday's update, and I'll try to scan the system again: I'll surely post any news.
    Eventually I can attach the zipped ENCAPI32 itself if you need more investigation.
    Have a good weekend

    LIVE LONG AND PROSPER

  6. #6
    Senior Member Matt's Avatar
    Join Date
    Aug 2006
    Location
    Bavaria
    Posts
    1,169

    Default

    Quote Originally Posted by Mega Tornaconto
    Have a good weekend

    LIVE LONG AND PROSPER
    Same to you.
    Best regards - Beste Grüße,

    Matt

  7. #7
    Junior Member Mega Tornaconto's Avatar
    Join Date
    Feb 2007
    Location
    Turin ITALY
    Posts
    20

    Default new scan: no more false positive

    Hello everybody,
    it's confirmed.
    After a new scan with updated S&D files, your software does not detect the encapi32.dll as Virtumonde anymore.
    I can confirm that the problem is fixed.
    Thanks for your continuous work

    Live long and prosper
